bhattsameer / Random_data

Study Material

Reference:

https://mobexler.com/checklist.htm

https://enciphers.com/awesome-ios-application-security/

https://codifiedsecurity.com/mobile-app-security-testing-checklist-ios/

https://developer.apple.com/documentation/webkit/wkwebview

https://github.com/tanprathan/MobileApp-Pentest-Cheatsheet

https://medium.com/inbughunters/basic-ios-apps-security-testing-lab-1-2bf37c2a7d15

OWASP testing: https://docs.google.com/document/d/1N7zMXlFHtWfc00xa6lRHnVB60U4BZO4SbUrWYMbojVM/edit

http://damnvulnerableiosapp.com/#solutions

https://appsec-labs.com/iot-attacks-tests/

https://appsec-labs.com/portal/kb/

https://github.com/ashishb/osx-and-ios-security-awesome

https://github.com/prateek147/DVIA-v2

https://github.com/ansjdnakjdnajkd/iOS

https://github.com/ivRodriguezCA/RE-iOS-Apps

https://github.com/felixgr/secure-ios-app-dev

https://github.com/kai5263499/osx-security-awesome

https://www.theiphonewiki.com/

http://www.securitylearn.net/

https://support.apple.com/en-gb/guide/security/welcome/web

https://support.apple.com/en-gb/guide/security/sec35dd877d0/1/web/1

https://github.com/OWASP/owasp-mstg/blob/master/Document/0x06d-Testing-Data-Storage.md

https://help.apple.com/xcode/mac/current/#/dev88ff319e7

https://github.com/rustymagnet3000/debugger_challenge#challenge-find-encryption-key

https://github.com/Siguza/ios-resources

Keychain items with Touch ID and Face ID: https://developer.apple.com/documentation/localauthentication/accessing_keychain_items_with_face_id_or_touch_id

http://iphonedevwiki.net/index.php/Main_Page

https://siguza.github.io/psychicpaper/

Tools

https://github.com/BishopFox/bfinject

Decrypt IPA: bfinject -P AppName -L decrypt

https://github.com/AloneMonkey/frida-ios-dump

SSL Pinning bypass: SSL kill switcher + mobile assistant Frida

SSL pinning bypass (works on iOS versions below 10): https://portswigger.net/burp/documentation/desktop/tools/mobile-assistant/installing

https://www.privoxy.org/

Install iPad apps on an iPhone: open Info.plist and set UIDeviceFamily to 1.

Memory corruption bugs:

memcpy, strcpy, sprintf etc.

URL schemes: open Info.plist; the URL schemes registered by the application are listed under the CFBundleURLTypes key.

Reverse binary online:

https://cloud.binary.ninja/

Extra

SSL checklist for pentester manual testing:

http://www.exploresecurity.com/wp-content/uploads/custom/SSL_manual_cheatsheet.html

Reference:

https://codifiedsecurity.com/resources/
